Why not transfer the wireless-independent AP functionalities onto a central Ethernet-PC?

Dominique Blas ml at blas.net
Tue Oct 21 19:02:06 EDT 2003


On Tuesday 21 October 2003 22:22, Jean Tourrilhes wrote:
> Dominique Blas wrote :
> > as you can see market AP products are evolving so fast that a new
> > generation appears every 4 months.  I do not speak of 802.11
> > standards but only about wireless-independent functionalities like
> > WEP, WEP2, TKI, EAP, WEP key distribution, and so on.
>
> 	That's why sensible people/companies are deploying IPsec. Just
> one IPsec gateway to serve any number of APs you want, and IPsec is
> proven to be secure. Obviously, all the AP vendors want to lock you in
> their hardware and upgrade cycle, so would rather pretend that IPsec
> won't work.

Hi Jean,

I'm using IPSEC every day so I know about it.

But IPSEC is acceptable for closed populations. And it is difficult or impossible to deploy on public hotspots!
On such a population you are compelled to follow the different recommendations and standards. No way of doing your own things, it doesn't work because you don't know anything about the person (and his PC) that lies behind a dynamic IP address and you don't want to change anything on his PC because you fear to lose him if things go wrong.
Moreover IPSEC clients are not very easy to install, even for an expert: application, configuration and certificates.

That is why I suggested to transfer this kind of public secure functionalities onto a PC rather than using the ones inside the APs.
It's understandable that AP manufacturers (cartel?) try to lock their customers in their upgrade cycle but we, the hostap community, we know about that system. So why don't we upgrade hostapd in order to support this kind of things when running on an Ethernet interface?

> 	Now, if we could get IPsec accelerated hardware and proper
> IPsec integration in the OS, life would be much better.

db



